The pervasive informality of the international cybersecurity regime: Geopolitics, non-state actors and diplomacy

Abstract

ABSTRACT The international cybersecurity regime typifies the rise of informality in modern global governance. Despite the increase in sophisticated cyber operations globally, states do not embrace formal multilateral cooperation to prevent and mitigate them. What explains the preference for informal governance in international cybersecurity, and why have non-binding agreements around “responsible behaviour” proliferated in this domain? In introducing a special issue that highlights various dimensions of informal international cybersecurity governance, this article analyses two major factors that deepen informality: multipolar geopolitics, which has made formal cooperation difficult, and the rise of non-state actors, whose technical standards not only emerge as de facto governance standards, but who have also engaged in cyber diplomacy through informal channels. Drawing on recent scholarship that explains the emergence of informality in global governance, the article calls for greater attention to be paid to the substantive outcomes of informal institutions to understand their stickiness in regimes.